
If you want to SSH to your VPS or your home computer from your workplace (assuming you are behind an HTTP proxy), you need to use Corkscrew.

Corkscrew is a simple tool to tunnel TCP connections through an HTTP proxy supporting the CONNECT method. It reads stdin and writes to stdout during the connection, just like netcat.

It can be used, for instance, to connect to an SSH server running on remote port 443 through a strict HTTPS proxy.

Install corkscrew in Ubuntu using the following command:

sudo aptitude install corkscrew

This will complete the installation.

Configure corkscrew

If your HTTP proxy uses authentication, you’ll need to tell corkscrew which username and password to use. This is where the ‘auth-file’ comes into play: put your username and password, separated by a colon, into a text file, then tell corkscrew where to find it. Create a file called .corkscrew-auth in your home directory:

$ touch .corkscrew-auth

$ gedit .corkscrew-auth

and place your username and password in the following format:

username:password

Save and exit the file.

Configure ssh For Tunneling

Now we’ll tell ssh what to do when connecting to all or specific hosts. Open up ~/.ssh/config (that’s /home/yourusername/.ssh/config) in your favourite text editor (gedit, nano, vim, etc.).
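An added example, not the original post's configuration: the two setup steps above as a script that writes the auth-file with owner-only permissions and prints a Host stanza that uses ssh's ProxyCommand with corkscrew. The proxy address, host alias, server name and credentials are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; all host names, ports and credentials below are constructed.

# write_auth_file FILE USER PASS
# The file holds the proxy password in clear text, so create it under
# umask 077 and force mode 600 in case it already existed with wider bits.
write_auth_file() {
    ( umask 077 && printf '%s:%s\n' "$2" "$3" > "$1" ) && chmod 600 "$1"
}

# check_auth_file FILE
# Succeeds only for a regular file, mode 600, in username:password format.
check_auth_file() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ] || return 1
    grep -Eq '^[^:]+:.+$' "$1"
}

# ssh_stanza ALIAS SERVER SERVER_PORT PROXY_HOST PROXY_PORT AUTH_FILE
# Prints a block for ~/.ssh/config. ssh expands %h and %p to the HostName
# and Port of the stanza; corkscrew takes: proxy, proxy port, destination,
# destination port, and optionally the auth-file.
ssh_stanza() {
    cat <<EOF
Host $1
    HostName $2
    Port $3
    ProxyCommand corkscrew $4 $5 %h %p $6
EOF
}

# Demo in a scratch directory so no real ~/.ssh/config is touched.
demo() {
    dir=$(mktemp -d) || return 1
    write_auth_file "$dir/.corkscrew-auth" "proxyuser" "constructed-password"
    check_auth_file "$dir/.corkscrew-auth" && echo "auth-file OK (mode 600)"
    ssh_stanza myvps vps.example.org 443 proxy.example.com 8080 "$dir/.corkscrew-auth"
    rm -rf "$dir"
}
demo
```

With the printed stanza appended to ~/.ssh/config and the placeholders replaced by your own values, `ssh myvps` goes through the proxy.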

10 thoughts on “How to use SSH Via HTTP Proxy using Corkscrew in Ubuntu”

You should add that (1) this could violate the security policy in many companies, and (2) that this is relatively easily detectable at the proxy. So it would be a good idea to talk to your IT guys before you try this.

I used connect-proxy, a Debian-specific little executable that does just the same.
I also found out that the proxy must allow SSL access to the port you want to connect to, otherwise these tools won’t work.

As kuminamoya says, this tunneling is easily detected if the proxy uses stateful packet inspection. However, if the ssh session is made through https, then it should be private. How might one accomplish this?

One catch is that the majority of https proxies are configured to only allow forwarding to port 443. The https protocol supports any destination port on the far-end machine (e.g. 22), but typical corporate firewalls insist that the dest-port must be 443.

The answer is to run your ssh server on port 443, or set up an inbound firewalling rule to redirect connections from 443 to 22.

Also worth mentioning that SSH -R allows reverse-port-forwarding. So once you have outbound SSH, you get inbound SSH for free.